mirror of
https://github.com/privatevoid-net/nix-super.git
synced 2024-11-10 08:16:15 +02:00
* Set the umask to known value (0022). This is important in a
setuid installation, since the calling user may have a more fascist umask (say, 0077), which would cause the store objects built by Nix to be unreadable to anyone other than the Nix user.
This commit is contained in:
parent
550d960586
commit
e043fc7d0b
1 changed files with 6 additions and 0 deletions
|
@ -91,6 +91,12 @@ static void initAndRun(int argc, char * * argv)
|
|||
if (sigaction(SIGPIPE, &act, &oact))
|
||||
throw SysError("ignoring SIGPIPE");
|
||||
|
||||
/* There is no privacy in the Nix system ;-) At least not for
|
||||
now. In particular, store objects should be readable by
|
||||
everybody. This prevents nasty surprises when using a shared
|
||||
store (with the setuid() hack). */
|
||||
umask(0022);
|
||||
|
||||
/* Process the NIX_LOG_TYPE environment variable. */
|
||||
string lt = getEnv("NIX_LOG_TYPE");
|
||||
if (lt != "") setLogType(lt);
|
||||
|
|
Loading…
Reference in a new issue